W95.Esmeralda.807


Aliases: W95/Esmeralda.807
Variants: Esmeralda.807

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 13 Feb 2007
Damage: Low

Characteristics: The W95.Esmeralda.807 program is a virus that is a much uncomplicated fast infector.

More details about W95.Esmeralda.807

This virus adds its codes to the final section of the Portable Executable files having .exe extension. The virus will then hook for the system of the file by utilizing a popular deception used in the W95.CIH that builds the virus code more complicated on debugging it. This virus will then infect all of the .exe files in the format of the Portable Executable files that are being accessed at the same time as virus was located in the memory. Every time the W95.Esmeralda.807 was executed, it will then check the buck that is the lowest one of the register particularly the dr2. If the byte is entitled as a T then the virus will presume that it is a resident already of the system.

This virus sets the byte every time in the function of its hook, consequently one replicate will only be active. The self marker of the virus was placed in the header of the Portable Executable file checksum field. If the value is 0xFFFFF99A, the virus will then presumes the file was infected already. This virus encloses the text “ESMERALDA para Esmeralda Vera Vera Bucaramanga, Colombia, 1999” located at the last part of the body. Seeing that the virus is active in the memory and also infects files on fly, it is merely advisable to disinfect the system that was infected after having a boot coming from a system disk that is clean.